Could using your heartbeat as a password be the future of authentication?
Biometric authentication is quickly starting to play a bigger role in our everyday lives, providing an increased level of security compared to the humble username and password.
Silicon recently spoke to Alan Foreman, CEO of Belfast-based biometric company B-Secur, which is using ECG/heartbeat data as a way of driving authentication. The full interview can be found below.
What is B-Secur’s approach to the use of biometrics for authentication?
B-Secur has developed a Electrocardiogram (ECG/EKG) biometric technology that is
more secure and convenient than PINs/Passwords or first generation biometrics for user
The ECG is an electrical signal that is generated each time the heart beats, the signal – known as the PQRST complex – holds a myriad of information unique to the individual, which can be used to authenticate against a stored profile.
Rather than developing our own products, B-Secur is focused on developing sensing, algorithm, security and integration solutions for other companies’ products, with applications across industries in such areas as Fintech, Access Control, Health & Wellness and Automotive.
What differentiates ECG biometrics from other modalities?
ECG is a ‘next generation’ biometric technology that has significant improvements on other
modalities within the industry. Firstly, as an internal biometric. Using a biometric that is inside the human body makes it much harder to spoof, steal or mimic – unlike fingerprints, facial recognition or voice which can be seen and heard and leave behind latent copies that can be used to gain access.
Secondly, through presence detection. An electrocardiogram (ECG) is an inherently ‘live’
signal providing the ultimate presence detection to authentication, i.e. you need the person
present to authenticate them.
And thirdly, cross-domain applicability. You don’t need expensive sensors to pick up the ECG signal – just conductive material. So the technology can be applied to multiple use-cases across multiple industries such as; automotive, cybersecurity, fintech, medical, etc.
A key point is that no other biometric can combine authentication, health and wellness potential to give insight to a person’s state as they attempt to authenticate on a device or a system.
You’ve done some work in the automotive industry. How do you see ECG biometrics being integrated into vehicles?
Yes, we have – we are currently working with a both a payments provider and automotive
company to bring payments to connected cars as well as looking at how the ECG could be
used to authenticate drivers and monitor their health while driving.
Imagine getting into a car and being able to start the engine just by holding the steering
wheel, then as you are driving we pick up and monitor your ECG to ensure there is no
fatigue or major cardiac event occurring while you are on the road. You then pull into a
parking spot and your car automatically pays through your credit card as you are
authenticated through your ECG to the car.
That’s the future of ECG biometrics within automotive. It may have an even bigger role to play when autonomous vehicles start hitting the market but we will have to wait and see!
Which other industries could this technology impact?
The ability to pick up the ECG through lots of different conductive materials; metals, inks,
fabrics, etc. allows ECG biometrics to be applied to a lot of industries and use-cases. Currently, we are focusing our pilots in the access control space. We have added our technology directly into access control cards, allowing only the correct user to access buildings or restricted spaces.
We are also seeing big interest within the health and wellness wearable space, bringing ECG authentication to wearable devices but also to provide data points such as the person’s stress levels or mood. This we think will be a big space of potential growth in the future.